What is CVE-2022-24840?

CVE-2022-24840 is a critical-severity vulnerability in Codingjoe Django-s3file, classified under Path Traversal. CVSS score: 9.1/10. Published 2022-06-06.

How severe is CVE-2022-24840?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Path Traversal in Codingjoe Django-s3file

CVE-2022-24840

django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.006 (68.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Codingjoe Django-s3file — versions < 5.5.1

Weakness classification (CWE)

CWE-22 — Path Traversal

References

github.com/codingjoe/django-s3file/security/advisories/GHSA-4w8f-hjm9-xwgf (x_refsource_CONFIRM)
github.com/codingjoe/django-s3file/commit/68ccd2c621a40eb66fdd6af2be9d5fcc9c373… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-24840?: CVE-2022-24840 is a critical-severity vulnerability in Codingjoe Django-s3file, classified under Path Traversal. CVSS score: 9.1/10. Published 2022-06-06.
How severe is CVE-2022-24840?: Critical severity. CVSS v3 base score is 9.1 out of 10.